FinCEN, banking agencies clarify FAQs on suspicious activity reporting

Summary

On October 8, 2025, the Financial Crimes Enforcement Network (FinCEN)—jointly with the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA) and the Office of the Comptroller of the Currency (OCC)—issued answers to frequently asked questions (FAQs) that clarified when and how financial institutions should file suspicious activity reports (SARs). The FAQs are intended to sharpen risk-based compliance practices, reduce unnecessary filings and focus resources on activities most valuable to law enforcement and other authorized government users of Bank Secrecy Act (BSA) reporting. The FAQs do not change underlying BSA/AML legal requirements or establish new supervisory expectations, however they do modify stricter interpretations contained in prior guidance, which will alleviate reporting obligations under certain circumstances.

Key clarifications

Transactions at or near the CTR threshold are not per se suspicious

Institutions are not required to file a SAR solely because a transaction or series of transactions occurs at or near the US$10,000 currency transaction reporting (CTR) threshold. A SAR is required only when the institution knows, suspects or has reason to suspect that the activity is designed to evade BSA reporting requirements or otherwise meets SAR criteria. Attempting to evade CTR reporting—structuring—is unlawful and may indicate underlying illicit activity. Risk-based monitoring should remain calibrated to detect potential structuring “in any manner,” including breaking up cash transactions into amounts at or below US$10,000, across days or institutions. A financial institution’s AML/CFT program should be designed to detect and report structuring to guard against use of the institution for money laundering and ensure the institution is compliant with the suspicious activity reporting requirements of the BSA. The extent and specific parameters under which a financial institution must monitor accounts and transactions for suspicious activity should be commensurate with the level of money laundering and terrorist financing risk of the specific institution, considering (among various factors) the type of products and services it offers, the locations it serves and the nature of its customers.

No standalone “post-SAR” review requirement

The FAQs clarify that institutions are not required to conduct a separate, manual review of a customer or account after filing a SAR to determine whether suspicious activity has continued. Institutions may rely on their risk-based internal policies, procedures and controls—automated or otherwise—provided they are reasonably designed to identify and report suspicious activity.

Continuing activity SARs: timing is flexible, not mandatory every 90 days

Prior FinCEN guidance suggested filing updated SARs on continuing activity at least every 90 days, which has sometimes been treated as a de facto requirement. The FAQs reiterate that this cadence is not mandatory. Institutions may file continuing activity SARs as appropriate in line with applicable SAR timelines. For institutions that elect to use the continuing activity framework, an illustrative timeline is: Day 0 (detection); Day 30 (initial SAR with identified subject); Day 120 (end of 90-day period); Day 150 (continuing activity SAR). When filing a continuing activity SAR, the suspicious activity date range should capture the entire relevant 90-day period following the prior filing.

No requirement to document decisions not to file a SAR

In a reversal of longstanding guidance, the revised FAQs state that the BSA and implementing regulations do not require institutions to document a decision not to file a SAR. The FAQs emphasize that while prior guidance encouraged such documentation, it remains optional. Where institutions choose to document decisions to not file a SAR, a concise statement aligned to internal, risk-based policies is generally sufficient, although the guidance notes that more fulsome documentation may be appropriate for complex investigations.

What hasn’t changed

The FAQs reaffirm existing SAR standards, including thresholds and timelines. A SAR must be filed no later than 30 days after initial detection of facts that may constitute a basis for filing; if no suspect is identified within 30 days, institutions may take up to 60 additional days to make a filing, but no longer. Structuring remains unlawful and a focus of AML/CFT controls. Programs should remain risk-based and controls should be commensurate with risks presented by the institution’s products, services, geographic markets and customers.

Practical implications and next steps

Institutions should assess whether their monitoring rules and alerting thresholds treat transactions near US$10,000 as inherently suspicious. Overly sensitive scenarios that automatically trigger SAR workflows without additional risk indicators may be recalibrated to reduce false positives while preserving the ability to detect structuring patterns. Post-SAR processes can be streamlined where separate manual reviews have been embedded purely to meet perceived “90-day” expectations; reliance on existing risk-based monitoring, quality assurance and escalation protocols is appropriate if reasonably designed and documented. Policies on continuing activity SAR filings can be adjusted to reflect the optional nature of the 90/120/150-day cadence, while ensuring adherence to general SAR timing requirements. Documentation standards for “no file” decisions can be aligned with the clarified flexibility, ensuring concise, risk-based rationales where institutions elect to record such outcomes, with enhanced detail reserved for complex matters.

Considerations for community banks

The OCC has underscored that these clarifications also apply to community banks. Right-sizing alert generation, review cadence and documentation practices to the bank’s risk profile can meaningfully reduce burden while maintaining effectiveness. Community banks should confirm that vendor systems and internal procedures reflect the clarified expectations, particularly around near-threshold cash activity, recurring SAR filings and “no file” documentation.

Bottom line

The FAQs promote a more targeted, risk-based approach to SAR decisioning and timing. By reducing unnecessary reviews and filings, institutions can redirect efforts to higher-value investigations, while maintaining compliance with core BSA/AML obligations.